Indians and privacy

Go to page

Go to page

Sith Lord

sure okay, but what is the problem with the app?
The app itself does not have the capability for misuse at this point of time.

Thing is, let us just say that the worst case scenario is that the govt is trying to consolidate its power by putting itself in the centre of personal life instead of being a service provider in civic life, then the point of attack should not be the app. If the worst case scenario is indeed true, then attacking the app will not achieve anything, better to channel all efforts to a better personal data regime. This is stuck in limbo because of pushback from stakeholders, where simple services such as Wikipedia will not work because the proposed data privacy regime is actually harsher than GDPR! No one has checked if the app is GDPR compliant btw. IMO we need to go through the entire process and find out exactly how claustrophobic these surveillance tech can get before there is sufficient public push back to effect actual change. It took like 15 years before the UK started destroying the national DNA database, IMO, India has to go through this journey if the surveillance gets oppressive. It might just turn out to be fine. We cannot say at this point in time.

Destroy Erase Improve

Thing is, let us just say that the worst case scenario is that the govt is trying to consolidate its power by putting itself in the centre of personal life instead of being a service provider in civic life, then the point of attack should not be the app

Only thing I want is transparency. I am not against installing the app as long as there is transparency as to what data is being collected and how it is processed. Publishing the source code will help in this regard. It will also calm down privacy activists and lawyers and improve the image of the govt. It's win-win.

In either case, I will defer to the Internet Freedom Foundation's judgement in this regard.

Well-Known Member

No one is doubting the intention of the app by the way. Adhar was also intended to be a population registry of sorts but look how many data breaches related to adhar has happened so far, that too was given to a private body for implementation, I think it was Infosys.

External audit is only solution to solve this imo. Especially since the app is a non profit app..
And look at the positive scenario. Maybe such open source contribution will let other countries join in. This can really boost India's rep.

Super Moderator

No one is doubting the intention of the app by the way. Adhar was also intended to be a population registry of sorts but look how many data breaches related to adhar has happened so far, that too was given to a private body for implementation, I think it was Infosys.

Sith Lord

There has been no data breach from Aadhaar, it was mostly during the on boarding process, and the punishment for that was harsh. For example, the guy who revealed Dhoni's details on social media, that entire agency was shut down.

Internet Freedom Foundation had a webinar on Friday, more details here here. Sat through one hour of that. There were zero relevant points made about Aarogya Setu, everything was not about the functionality of the app but about larger privacy concerns. When questioned specifically about it, Apar says something like "it is all connected", while giving no concrete points on the app itself. You cannot really convince people based on what the government may or may not do in the future.

So far, still no single legitimate issue when it comes to the app.

Simple thing is the data for a vast majority of the users does not even leave the device. For example, more than 4,92,212 people are using the app in 10km radius of me, but only 113 are infected, and the servers contain the details of only these 113 people.

Sith Lord

Its difficult to give a link to aadhaar breach issue, as each individual case has to be addressed to say there has been no breach. However, here is a list to UIDAI press releases, where they have responded to all the reports and rumours of alleged breaches. When flurries of the reports were coming in, top people at UIDAI were periodically informing people that there were no breaches so far, something that was even clarified in the supreme court.

Now coming to the app, this is how the data is actually used
-user data saved locally on smartphone is deleted after 30 days
-user data saved in the cloud for even those who test positive is deleted after 60 days

So really, there is no problem with this particular app. Highly doubt that all the tech has been developed in house from scratch. This is all pure speculation, but will go ahead and post the basis of my suspicions anyway. The symptom tracker implementation is similar to what is outlined in this whitepaper. The on boarding process is similar to what has been proposed here by a Stanford student. Finally, the BlueTooth chirping component could be the PACT protocol by MIT or BlueTrace developed by Singapore, both of which are open source. It's highly unlikely that NIC developed their own protocol in three days. I am not sure if all of this is exactly what they did, but if you do put these things together, you will end up with an app very similar to Aarogya Setu.

Destroy Erase Improve

All of these will be verified once the source code is released. I think this is a good first step in releasing public sector code as open source. IMO all software developed using tax payer money should be open source.